Archive for May 31st, 2013

The World Cancer Research Fund has recently released its statement about a story being circulated in social media and blogs concerning processed meat and cancer. The said piece was so widespread that they had to step in and make their official statement. But what is striking is how users get their information these days.

It is no surprise that social media is now considered a formidable news source, with most people sharing, tweeting, pinning stories and news items on their accounts. None has this in spades more than Facebook, which has an estimated billion active users per month and 4.7 million content items shared by its users everyday.

Because of the impressive online presence (like in social media), cybercriminals see this as a potential moneymaker. More users equal more possible victims. And just this May, we’ve seen several noteworthy threats that prove that the bad guys are not slowing down:

Early in May, we reported about several fake Iron Man 3 streaming sites sprouting across the web employing social media – in this case, Tumblr and Facebook – to spread their baits. Such social engineering tactics continue to work because these summer flicks appeal to users.

Because of their increasing popularity, it’s not a surprise to see scams for mobile platform. Just this month, we noted the fake free Instagram followers ruse, which in the end leads users to download a malware that gathers and sells the data stolen from the infected device.

As majority of financial transactions these days are done over the Internet (e.g. online banking, shopping etc.), banking and e-commerce sites are natural cybercrime targets. Just a few weeks ago, we saw how online banking users in Brazil were targeted by cybercriminals using fake homemade browser. From this incident, we uncovered the use of effective social engineering tactics that lured users to unintentionally disclose their Banco do Brasil login credentials.

We also saw how mobile ads in Android apps led to scam sites aimed at defrauding users and stealing their money. Although the incident was limited to Chinese users, it’s highly plausible similar attacks could occur in other parts of the world.

But the immediate question that comes to mind is how big web threats are. In our infographic, Are You Safe Online?, we provide an overview of the current threat landscape vis-à-vis the boom in contemporary online engagement. Based on this, we noticed a direct correlation between the two: the more we do things online, the more threats are likely to materialize.

The upside to all this is that we see more software vendors, social media sites and organizations offering added and improved security measures. But as commendable as these developments are, users must also do their share.

As June is declared as the National Internet Safety Month by the National Cyber Security Alliance, Internet users are reminded of simple steps that they can do to stay safe. Other practices like bookmarking reputable sites and regular system updating can go a long way. Treat your mobile devices like your PC that can be open to online threats.

One of the biggest issues of the Android OS is its fragmentation problem. We’ve covered this before – about how almost all Android updates have to pass through both device manufacturers and service providers before getting to end users. Unfortunately, this process is not quick or assured, which results in fragmentation: multiple versions of Android are present and in use.

This results in a many users being stuck with an outdated version of Android that may be riddled with vulnerabilities and security flaws. As of May 1, only 2.3% of Android devices in use are actually on the latest version, with more than a third still using Gingerbread – a version last updated in September 2011, and known to have 3-11 vulnerabilities, with the exact number depending on the specific version.

Leaving users on older versions of Android has two consequences: vulnerabilities are left unpatched, and new features won’t reach them. At this year’s Google I/O developer conference, Google announced plans to fix at least part of this problem: instead of rolling out a new version, they instead announced updates to core apps. This allows them to add new features to Android, while at the same time not needing to push a completely new version out to users. It does not solve all potential problems due to fragmentation, but it’s a step in the right direction.

Out latest monthly mobile report looks at this issue in full. It discusses the root of the problem itself, why it’s become a long-standing complaint, and how it may be a problem that may take Google a very long time to straighten out. Find out what you can do to help secure yourself and your device better if you are affected by this problem. We also have our infographic for an illustrated glance at the issue.